Moodle XSS in Formula Editor Allows Remote Code Exec: CVE-2025-67850 February 2026

Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor
A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.

Vulnerability Analysis

CVE-2025-67850 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Timeline

2025-12-19

Reported to Red Hat.

2025-12-15

Made public.

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2025-67850 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2025-67850

Want to know whenever a new CVE is published for Moodle? stack.watch will email you.

Exploit Probability

EPSS

0.01%

Percentile

2.03%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.